North American Network Operators Group

Re: DNS cache poisoning attacks -- are they real?

  • From: Suresh Ramasubramanian
  • Date: Sun Mar 27 06:30:54 2005

On Sat, 26 Mar 2005 17:52:56 -0500 (EST), Sean Donelan <[email protected]> wrote:
> 
> On the other hand, there are a lot of reasons why a DNS operator may
> return different answers to their own users of their resolvers.  Reverse
> proxy caching is very common. Just about all WiFi folks use cripple
> DNS as part of their log on. Or my favorite, quarantining infected
> computers to get the attention of their owners.
> 

I hate that cripple dns stuff - they seem to add transparent proxying
of dns requests to it as well, sometimes.

I've seen cases where my laptop's local resolver (dnscache) suddenly
starts returning weird values like 1.1.1.1, 120.120.120.120 etc for
*.one-of-my-domains.com for some reason.

Thank $DEITY for large ISPs running open resolvers on fat pipes ..
those do come in quite handy in a resolv.conf sometimes, when I run
into this sort of behavior.

--srs